This application is not referenced in any microfiche appendix.
1. Field of the Invention
The present invention is directed to an apparatus and method for a secure electronic mail communication system. More particularly, the invention is directed for use in communicating over networks where secure information exchange is required. The invention has utility in applications such as person-to-person communication over network systems, communications over the Internet, interbusiness network communications where security is required, and the like.
2. Prior Art
The use of keys for secure communications is well known. Secure communication systems, as well as key systems, are shown in U.S. Pat. No. 4,182,933, issued to Rosenblum on Jan. 8, 1980, entitled "Secure Communication System With Remote Key Setting"; U.S. Pat. No. 4,310,720, issued to Check, Jr. on Jan. 12, 1982, entitled "Computer Accessing System"; U.S. Pat. No. 4,578,531, issued to Everhart et al. on Mar. 25, 1986, entitled "Encryption System Key Distribution Method and Apparatus"; U.S. Pat. No. 4,965,804, issued to Trbovich et al. on Oct. 23, 1990, entitled "Key Management for Encrypted Packet-Based Networks"; U.S. Pat. No. 5,204,961, issued to Barlow on Apr. 20, 1993, entitled "Computer Network Operating With Multi-Level Hierarchical Security With Selectable Common Trust Realms and Corresponding Security Protocols"; and U.S. Pat. No. 5,416,842, issued to Aziz on May 16, 1995, entitled "Method and Apparatus For Key-Management Scheme For Use With Internet Protocols At Site Firewalls".
U.S. Pat. No. 4,182,933, issued to Rosenblum on Jan. 8, 1980, discusses a "Secure Communication System With Remote Key Setting". The Rosenblum '933 patent describes a system wherein a first subscriber communicates with a key distribution center to get an updated key to initiate secure communications with a second subscriber. An overview of the system shows that the user dials a telephone number into the first subscribing unit. The first subscribing unit then places the telephone number into temporary memory storage. The first subscriber then retrieves its initial caller variable from memory and places it into a key generator. The first subscriber then retrieves the number of the key distribution center (KDC) from its memory and dials the number. Once a connection has been established the first subscriber sends its caller ID as well as the caller ID of the telephone number being called to the KDC. This information is not yet transmitted in a secure manner.
Once the KDC has received the information from the first subscriber, the KDC looks up the caller variable for both the first subscriber and for the telephone number being called. The KDC then generates a new caller variable for the first telephone number. The KDC then transmits the caller variable for the number being called and the new caller variable for the first subscriber, using a secure transmission keyed by the initial caller variable. If this transmission is successful, the KDC replaces the old caller variable in its table with the new caller variable and breaks the connection.
Once the first subscriber has received and deciphered the caller variable for the number to be called and its new key caller variable, it will replace the old and used initial caller variable key with the new caller variable key. The first subscriber will then send the key for the number to be called to the key generator, retrieve the telephone number to be called, and dial the telephone number. The first subscriber will then transmit any information input by the user to the second subscriber using the second subscriber key. The second subscriber will receive information that has been encoded with the second subscriber key and will decode the information and transfer it on to the second user. In an alternative embodiment, after the phone call between the first subscriber and second subscriber, the second subscriber will call and get a new key from the KDC. In this alternative embodiment, both the key for the first subscriber and for the second subscriber will be changed out on every telephone call.
U.S. Pat. No. 4,310,720, issued to Check, Jr. on Jan. 12, 1982, discloses a "Computer Accessing System". The specification discloses a method for communicating between an access unit and a computer. The user enters his password into an input device which is connected to an access unit. The access unit generates a pseudo-random access key from the password that is entered. The access unit then sends the access unit number and the generated access key to the computer controller for access to the computer system. The computer controller receives the access unit number and access key. The computer controller then verifies the access unit number. If the access unit number is properly verified, the computer controller will then compare the access code to the expected access code listed in a table in the computer's memory. This expected access code is generated using a congruent pseudo-random decoding algorithm. If the access key code and the expected code match, then the computer controller will establish a link between the access unit and the computer.
The access unit and the computer will talk through an encoded communication system. Both the access unit and the computer will use a randomly generated encryption key for encoding and decoding the communication. This key is independently generated by both the access unit and the computer and is not transmitted over the access unit to computer link. After the termination of the call between the access unit and the computer, the computer will generate and store the next access key number for that particular access unit.
U.S. Pat. No. 4,578,531, issued to Everhart et al. on Mar. 25, 1986, discloses an "Encryption System Key Distribution Method and Apparatus". This system provides a secure method for communication between a terminal "A" and a terminal "B" by using a remote key distribution center. An initial signal is sent from terminal "A" to terminal "B" to initiate the process of generating a secure communication line. Terminal "A" then generates a new call set-up key in preparation for communication with the key distribution center, and a partial session key which will be transmitted through the key distribution center to terminal "B". Terminal "A" then updates its verification information in preparation for communication with the key distribution center. Terminal "A" then initiates the connection with the key distribution center, to which it sends its terminal address, the terminal "B" address, and an encrypted message including the two generated keys and the verification information. At this point, terminal "A" will wait for the processing by the key distribution center.
The key distribution center will read the address information from the signal sent from terminal "A" and use this to access a decryption key previously sent in communication with terminal "A". The message from terminal "A" will then be decrypted and the verification information will be updated. The key distribution center will then generate a bidirectional asymmetric encryption/decryption key pair. The first part of this key pair will be sent to terminal "A", and the second part of the key pair will be sent to terminal "B". A similar communication will happen with terminal "B".
The message to terminal "A" will consist of a subsequent call key for the next communication with the KDC, a partial session key which it received from terminal "B", verification information, and two other variables "Y" and "Q". These five pieces of information will be encrypted using the call set-up key for the present communication with terminal "A" and the information will be transmitted to terminal "A". A similar encrypted message will also be sent to terminal "B" from the KDC.
Terminal "A" will decrypt the message from the KDC and verify that the information is correct. Terminal "A" will then store the new communication key for the next communication with the KDC, take down the channel to the KDC, and establish a communication channel with terminal "B". A similar process will happen at terminal "B". At this point, terminals "A" and "B" will be able to communicate securely using the partial keys that were exchanged through the KDC. Terminals "A" and "B" can then use a random number and the variables "Y" and "Q" to create a new key which may be used to communicate securely between terminals "A" and "B". By using the variables and a random number to generate a new communication key, an encryption key may be employed which cannot be known by any party outside terminals "A" and "B", including the KDC.
U.S. Pat. No. 4,965,804, issued to Trbovich et al. on Oct. 23, 1990, discloses "Key Management For Encrypted Packet Based Networks". This method of key management uses a key distribution center for sending keys to remote locations so that a secure communication can be made. Specifically, the system is designed to be compatible with X.25 type packet switching networks. This compatibility requires a balanced transmission which is implemented by a transparent device between the source DTE and the second DTE. The source DTE sends a transmit request to the transparent device, which responds with a dummy signal back to the source DTE. The transparent device then contacts the key management system and obtains a key. A similar key is sent to the transparent device for the second DTE. The transparent devices for the first DTE and the second DTE then establish a communication network with an encrypted signal transfer, and finally the source DTE talks to the second DTE through the transparent devices and the encrypted connection.
U.S. Pat. No. 5,204,961, issued to Barlow on Apr. 20, 1993, discloses a "Computer Network Operating With Multi-Level Hierarchical Security With Selectable Common Trust Realms and Corresponding Security Protocols". The invention involves a method for setting up network communications between two trusted computer systems. Each trusted computer has a common set of protocols for the protection of data contained therein. Thus, if a user of a trusted computer system attempts to send data to a non-trusted computer system, the trusted computer system will stop the message transfer and will not allow the communication to occur. This system operates as a method for two trusted computers to talk over a network which is not physically secure against interlopers. Each computer that is a member of a specific trust realm enforces a predefined security policy and defines security levels for the data contained within the computer. Before a trusted computer transmits a specified message, the trusted computer checks the trust realm table to verify that both the transmitting and receiving computers are part of at least one common trust realm. If both computers are part of a common trust realm, then the message will be transferred using the appropriate protocol for that trust realm. If the computers are not both members of the trust realm, then the message will not be transmitted. The communication between two trusted computers consists of a message which is transmitted as a protocol data unit which includes a sealed version of the message, authenticated identities for the sending system and user, the message security level label, and an identifier for the selected trust realm. The transmitted message is then received and processed for validity, and if valid, the message is processed within the receiving computer.
U.S. Pat. No. 5,416,842, issued to Aziz on May 16, 1995, discloses a "Method and Apparatus For Key-Management Scheme For Use With Internet Protocols at Site Firewalls". This system consists of separate private networks which communicate over an Internet type connection through firewalls. A private network "I" communicates through a firewall "A" to the Internet, where the message is transferred to firewall "B" and then decoded and sent on to another private network "J". This allows private network "I" and private network "J" to communicate in a secure encapsulated message while having firewall protection. The invention begins with a source node "I" sending a datagram to the firewall "A". Firewall "A" has a secret value "SA" and a public value "PA". Similarly, firewall "B" is provided with a secret value "SB" and a public value "PB". In this manner both firewall "A" and firewall "B" can acquire a shared secret value "SAB" without having to communicate. The communication is initiated by providing firewall "A" and firewall "B" with initial values for all other secure firewalls on the network. Firewalls "A" and "B" then use secret value "SAB" to create a key "KAB". The transmitting firewall then generates a random key "KP" which is used to encrypt the received data. The key "KP" and the encrypted data are then all encrypted by the public key "KAB" for transmission over the Internet.
Firewall "B" will then use key "KAB" to decrypt the message for the private key "KP" and decrypt the data that has been transmitted. In this manner the transmitting firewall can constantly be changing the private key "KP", which increases the security of the system.
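The firewall-to-firewall flow described for the Aziz '842 patent, as an added simulation that is not code from this application or from the '842 patent: two firewalls derive SAB from their secret/public values with no exchange, derive KAB from it, and wrap every datagram under a fresh random KP that is itself wrapped under KAB. The Diffie-Hellman parameters, the SHA-256 derivation of KAB, the HMAC-based stream cipher and the authentication tag on each datagram are assumptions made here so the block runs on the Python standard library alone; they are stand-ins for the primitives the patent leaves unspecified, not a production design.

```python
import hashlib
import hmac
import secrets

# Constructed toy group (assumption): a 255-bit prime field with generator 2,
# chosen only to make the arithmetic concrete, not a vetted DH group.
P = 2**255 - 19
G = 2


def keygen():
    """Return (secret, public) for one firewall: S = random, P = G^S mod P."""
    s = secrets.randbelow(P - 2) + 1
    return s, pow(G, s, P)


def shared_secret(my_secret, their_public):
    """S_AB: each firewall computes it locally from its own secret and the other's public value."""
    return pow(their_public, my_secret, P)


def derive_kab(s_ab):
    """K_AB from S_AB (assumption: SHA-256 over the 32-byte big-endian encoding)."""
    return hashlib.sha256(s_ab.to_bytes(32, "big")).digest()


def keystream_xor(key, nonce, data):
    """Toy stream cipher: XOR data with HMAC-SHA256 counter blocks (same call decrypts)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, nonce + offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def wrap_datagram(k_ab, plaintext):
    """Firewall A: fresh random K_P per datagram; data under K_P, K_P under K_AB."""
    k_p = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    body = keystream_xor(k_p, nonce, plaintext)
    wrapped_kp = keystream_xor(k_ab, nonce, k_p)
    # Assumption: an integrity tag so B can reject altered packets; the page does not mention one.
    tag = hmac.new(k_ab, nonce + wrapped_kp + body, hashlib.sha256).digest()
    return nonce + wrapped_kp + body + tag


def unwrap_datagram(k_ab, packet):
    """Firewall B: check the tag, recover K_P with K_AB, then decrypt the data."""
    nonce, wrapped_kp, body, tag = packet[:16], packet[16:48], packet[48:-32], packet[-32:]
    expected = hmac.new(k_ab, nonce + wrapped_kp + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("datagram rejected: authentication tag mismatch")
    k_p = keystream_xor(k_ab, nonce, wrapped_kp)
    return keystream_xor(k_p, nonce, body)


def demo():
    """Run the whole exchange once; returns (round-trip ok, two wraps of one datagram differ)."""
    s_a, p_a = keygen()
    s_b, p_b = keygen()
    k_ab = derive_kab(shared_secret(s_a, p_b))
    assert k_ab == derive_kab(shared_secret(s_b, p_a))   # both sides agree with no exchange
    msg = b"constructed datagram from private network I to J"
    pkt1 = wrap_datagram(k_ab, msg)
    pkt2 = wrap_datagram(k_ab, msg)
    return unwrap_datagram(k_ab, pkt1) == msg, pkt1 != pkt2


if __name__ == "__main__":
    print(demo())
```

Because K_P is drawn fresh for every datagram, two wrappings of the same plaintext produce unrelated ciphertexts, which is the property the page attributes to constantly changing KP; K_AB itself never leaves either firewall.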
The above-described key distribution and encryption systems suffer from the drawbacks of using known communication pathways, having known addresses, and some systems even transfer secure key information over the communication lines.
Hence, there is a need for an improved communication method which allows for encrypted information transfer to dynamic locations without transmitting the keys over the communication line.
Additionally, there remains a need for a mechanism by which to log on to a computer system securely without passing a password.
In accordance with the present invention, an improved encoded or encrypted method for transferring information is provided which addresses the drawbacks of the prior art devices.
In accordance with one embodiment of the present invention a message is input to a first device which obtains a dynamic address from a first server to allow for connection to a second server.
A further embodiment of the invention allows for transmitting the message from the first device to the second server, receiving the message at the second server, storing the message until transfer to a second device as requested, and then transmitting the message to the second device from the second server.
Another embodiment of the present invention allows for encoding the message before it is input to the first device, and decoding the message after it has been received at the second device.
Yet another embodiment of the present invention allows for multiple servers which can be contacted to obtain the dynamic address of another server.
A still further embodiment of the present invention uses a remote administrator to control access both to the first server for obtaining the dynamic addresses, and to the second server for message transfers.
In accordance with another embodiment of the present invention, the user access to the secure name server is controlled by a remote administrator which creates, authorizes and deletes valid user ID/password combinations.
In accordance with another example of the present invention, the system allows for an electronic mail transfer between two users where a direct communication between the first user and second user never occurs. In this manner, two users can communicate without actually having a direct connection which is detectable by other parties.
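The relay arrangement described in the embodiments above, as an added in-memory simulation that is not code from this application: a remote administrator holds the valid user ID/password combinations, a first (name) server hands out the current dynamic address of a mail server only to authorized users, and a second (mail) server stores an already-encoded message until the recipient requests it and deletes its copy on delivery, so the two users never connect to each other. The class names, the salted PBKDF2 password storage, the pre-shared pad used for encoding, and the sample credentials and address are assumptions constructed for the example.

```python
import hashlib
import hmac
import secrets


class RemoteAdministrator:
    """Creates, authorizes and deletes user ID/password combinations (assumption: salted PBKDF2 hashes)."""

    def __init__(self):
        self._accounts = {}

    def create_user(self, user_id, password):
        salt = secrets.token_bytes(16)
        self._accounts[user_id] = (salt, self._hash(salt, password))

    def delete_user(self, user_id):
        self._accounts.pop(user_id, None)

    def authorized(self, user_id, password):
        rec = self._accounts.get(user_id)
        if rec is None:
            return False
        salt, digest = rec
        return hmac.compare_digest(digest, self._hash(salt, password))

    @staticmethod
    def _hash(salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class NameServer:
    """First server: returns a mail server's current dynamic address only to authorized users."""

    def __init__(self, admin):
        self._admin = admin
        self._addresses = {}

    def publish(self, server_name, address):
        self._addresses[server_name] = address

    def lookup(self, user_id, password, server_name):
        if not self._admin.authorized(user_id, password):
            raise PermissionError("name lookup refused")
        return self._addresses[server_name]


class MailServer:
    """Second server: holds a message until the recipient collects it, then deletes it."""

    def __init__(self, admin, address):
        self._admin = admin
        self.address = address
        self._mailbox = {}

    def deposit(self, user_id, password, recipient, ciphertext):
        if not self._admin.authorized(user_id, password):
            raise PermissionError("deposit refused")
        self._mailbox.setdefault(recipient, []).append(ciphertext)

    def collect(self, user_id, password):
        if not self._admin.authorized(user_id, password):
            raise PermissionError("collect refused")
        return self._mailbox.pop(user_id, [])   # delivered once; the server keeps no copy

    def pending(self, recipient):
        return len(self._mailbox.get(recipient, []))


def xor_pad(data, pad):
    """Toy encoding done by the user before input to the device (assumption: pre-shared pad)."""
    return bytes(b ^ p for b, p in zip(data, pad))


def run_scenario():
    """Returns (decoded message, stored count before collect, count after, lookup refused after revocation)."""
    admin = RemoteAdministrator()
    admin.create_user("alice", "pw-alice")   # constructed credentials
    admin.create_user("bob", "pw-bob")
    names = NameServer(admin)
    mail = MailServer(admin, address="10.0.0.42:2525")   # constructed dynamic address
    names.publish("mail-1", mail.address)
    pad = secrets.token_bytes(64)   # constructed pre-shared pad between the two users
    ciphertext = xor_pad(b"constructed message text", pad)
    assert names.lookup("alice", "pw-alice", "mail-1") == mail.address
    mail.deposit("alice", "pw-alice", "bob", ciphertext)   # server sees only ciphertext
    stored = mail.pending("bob")
    received = mail.collect("bob", "pw-bob")
    after = mail.pending("bob")
    admin.delete_user("alice")   # administrator revokes the sender
    try:
        names.lookup("alice", "pw-alice", "mail-1")
        revoked = False
    except PermissionError:
        revoked = True
    return xor_pad(received[0], pad), stored, after, revoked


if __name__ == "__main__":
    print(run_scenario())
```

The point to notice is where trust sits: the administrator can cut a user off from both servers by deleting one record, the name server never stores mail, and the mail server never holds a plaintext or a message that has already been delivered.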
The principal object of the present invention is to provide an easy to use, protected, electronic mail system for communication.
Another object of the present invention is to allow for the establishment of multiple electronic mail servers for different user categories.
A still further object of the present invention is to provide for a system which can communicate on both secure and non-secure electronic mail servers.
Yet another object of the present invention is to provide for a program which allows for automatic and immediate deletion of electronic mail messages once they have been sent.
Other objects and further scope of the applicability of the present invention will become apparent from the detailed description to follow, taken in conjunction with the accompanying drawings wherein like parts are designated by like reference numerals.